CVE-2005-4358
CVSS5.0
发布时间 :2005-12-19 20:03:00
修订时间 :2016-10-17 23:38:06
NMCO    

[原文]admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message.


[CNNVD]phpBB admin/admin_disallow.php 远程攻击漏洞([据已链接" class="db间 :201订%]phpBB admax得in/admin_dis者可l" nam过直tle请求一个非空%uest with 参ip_获取装路径,这种作法可造成一个无效%]ch causes函ip_调e=",从而将路径暴 --在错误据杮。tg.c class="clr"r>

heig="reak-a7dth:v class="headext" funclr"rss="me版)">CWE#接"cap.org.c"注:allow.pan> )">CWE#接"span class="注:数据来自中国pan>CWE#接"n_cnnvd">C meOUT9e bnowrap="nowr_header">CVSS heig="rable-layout:fixed; 品及版本据(CPE)暂不可e="s = "cvss/table\"62%\"等(MEDIUM)">5.09e bnowrap="nowr_header">CVSS未找到NVD/定义(MEDIUM)">5.09e bnowrap="nowr_header">CVSS87 bo/a> (官方pan>N(9e bnowrap="nowr_header">CVSStd>击漏洞 (UNKNOWN) b间&FULLDISC b间&show/c17/admin_disalloXas ommoFull P calDngclulner">&nbMEDIUM)""0" cl>td>击漏洞 (UNKNOWN) b间&SREASONRES b间&show/c17/admin_disalloXas ommoFull P calDngclulner">&nbMEDIUM)""0" cl>td>击漏洞 (UNKNOWN) b间&MISC b间&洞&nbMEDIUM)""0" cl>td>击漏洞 (UNKNOWN) b间&CONFIRM b间&洞&nbMEDIUM)""0" cl>td>击漏洞 (UNKNOWN) b间&BUGTRAQ b间&show/c30 admbbdisal9 600ps securnnv issues">&nbMEDIUM)""0" cl>td>击漏洞 (UNKNOWN) b间&VUPEN b间&ADVpan cl2991">&nbMEDIUM)""0" cl>td>击漏洞 (UNKNOWN) b间&VUPEN b间&ADVpan 6-0010">&nbMEDIUM)">5.0